MICKAI
Article · 4 July 2026

Where Cloud Genuinely Cannot Go: An Honest Map of the No-Cloud Line

Almost every regime permits cloud with controls. The genuine no-cloud bar is workload-level, and we would rather name it honestly than sell a prohibition that does not exist.

Author: Micky Irons
Published: 4 July 2026
Tags: sovereign-ai, regulated-cloud, DORA, ITAR, data-protection

# Where Cloud Genuinely Cannot Go: An Honest Map of the No-Cloud Line

Most vendors selling to regulated buyers open with a lie of omission. They imply that banks, hospitals and government bodies are legally forbidden from public cloud, then position themselves as the only lawful escape. We have sat through enough diligence to know that framing does not survive a single sharp question from a general counsel. So we are going to do the opposite. We are going to draw the actual line, name the handful of places where owning your own intelligence substrate is genuinely mandatory, and be equally honest about the far larger territory where cloud is permitted and sovereignty is a preference rather than a prohibition.

We build Mickai as a Sovereign Intelligence Operating System (a SIOS) that regulated organisations own and run inside their own walls, air-gapped where they need it, with a cryptographically-signed audit record on every action. That is a strong position precisely because we do not need to exaggerate the law to justify it.

The regimes that everyone cites permit cloud

Start with what the rulebooks actually say. The Digital Operational Resilience Act (DORA) governs ICT third-party risk, cloud included, for EU financial entities. It does not ban cloud. It demands exit plans, concentration-risk management, and contractual audit and access rights. The Financial Conduct Authority and Prudential Regulation Authority (FCA and PRA) outsourcing rules in the United Kingdom say the same thing in a different accent: use the cloud, but stay accountable, keep your data reachable, and be able to leave. The European Banking Authority (EBA) guidelines on outsourcing follow the identical logic. The NHS Data Security and Protection Toolkit (DSP Toolkit) sets a standard for handling patient data that the major public cloud providers routinely meet. And the General Data Protection Regulation (GDPR) is a controls regime, not a hosting ban: it restricts transfers outside the EU or UK to recognised routes such as adequacy decisions and standard contractual clauses, and it is indifferent to whether the server is yours or rented.

Read plainly, every one of these permits cloud with controls. A vendor who tells a bank it is "barred from cloud" is either uninformed or hoping the buyer is. Neither is a good look in the room.

So where is the line genuinely a bar

There is a real no-cloud line. It just lives at the workload level, not the organisation level. Four categories sit clearly on the wrong side of it.

Classified material at SECRET and above. Once information is formally classified, national-security handling rules take over from ordinary data-protection rules. The commercial public cloud a bank or hospital buys, including its sovereign and government regions, is not accredited for SECRET-plus workloads. The classified-enclave clouds that do exist (the US regions accredited to hold SECRET and TOP SECRET data, for example) are separate, isolated estates open only to accredited government customers, not a tier of the commercial service a regulated civilian buyer can contract for. This is not a preference. It is an accreditation boundary, and no contractual comfort letter moves it.

ITAR-controlled technical data. The International Traffic in Arms Regulations (ITAR) treat certain defence-related technical data as export-controlled. Placing that data where a non-authorised foreign person could access it, a cloud provider's own support staff included, can itself be an export violation. There is one narrow relief to be aware of: since March 2020 the ITAR definition of export (22 CFR 120.54) treats unclassified technical data that stays end-to-end encrypted to FIPS 140-2 or an equally effective standard as not exported, provided the decryption key is never given to a foreign person and the data is not stored in a country proscribed under ITAR section 126.1 or in Russia. That carve-out turns a hosting question into a key-custody and personnel question, and the burden of proving both, continuously, is heavy enough that most organisations keep this category off shared infrastructure entirely.

Isolated operational technology. Air-gapped OT and SCADA environments running power, water, manufacturing and critical process control are isolated by design. Reaching them from a cloud-hosted model breaks the very isolation that keeps them safe, and so does a model placed inside the zone that still needs an outbound path to a hosted service: an inference substrate for these environments has to live entirely within the isolated zone and need nothing from outside it. Here the bar is not regulatory paperwork. It is physics and safety engineering.

DPIA-negative processing. A Data Protection Impact Assessment (DPIA, GDPR Article 35) is required before high-risk processing. Where it concludes that a specific activity cannot be carried out on a given cloud arrangement without unacceptable residual risk, the controller's options are to mitigate, to consult the supervisory authority before processing (Article 36), or not to put that workload on that cloud. The DPIA is the mechanism the law already gives you to find your own no-cloud line, case by case; its result binds the workload, not the institution.

That is the honest map. Four workload categories where owned infrastructure is mandatory. Everything else is a judgement call.

[Image: classical marble scene, Aletheia, gold rim light on void black]

Mandatory versus merely preferable

We think buyers deserve this distinction stated flatly, because it changes how they should procure.

Owned SIOS is mandatory for the four categories above. If you process SECRET-plus, hold ITAR-controlled data, run isolated OT, or have a DPIA that rules out a cloud arrangement for a workload, you need infrastructure you own and control. There is no cloud contract that fixes this.

Owned SIOS is merely preferable, but often compellingly so, for the enormous middle: retail banking analytics, insurance underwriting, clinical decision support, legal and compliance review, most enterprise knowledge work. The law permits cloud here. The case for owning your substrate is built on control, cost at scale, and the elimination of data-exfiltration paths rather than on prohibition. Those are real, defensible reasons. They are just not the same thing as a legal bar, and we will not pretend otherwise.

Why the honest version is the stronger sell

The market we serve is large without any exaggeration. On a register-backed count there are roughly 16,092 sovereign-minded institutions across the United Kingdom and European Union: about 7,933 regulated core organisations plus an 8,159-strong adjacency of large private enterprises that want the same control. The addressable software market, on Verdantix figures for enterprise-AI-platform software, runs from about USD 13bn in 2024 to USD 50.3bn by 2030, which is roughly £11.7bn rising to £39.7bn at $1.267 per pound.

That market does not need a fictional legal bar to be worth building for. It rests on preference: control over where the model runs, cost certainty, and the plain wish never to hand sensitive data to infrastructure someone else operates. When we tell a buyer the truth about what the law requires and what it merely allows, we earn the credibility to be trusted on the harder claims too. Our 104 filed UK patent applications (13 families, roughly 2,340 claims, in the name of inventor Mickarle Wagstaff-Irons, and building toward examination) describe how the owned substrate enforces isolation and signs its own audit trail. Those filings are worth more to a buyer who believes we are honest about everything else.

This piece connects naturally to our writing on the sovereignty-preference market versus the prohibition myth, on the cryptographically-signed audit record as Mickai's real differentiator, and on how air-gapped SIOS deployment actually works inside a regulated estate. Read together, they make the same argument from different angles: draw the line honestly, then win on the merits above it.

[Image: classical marble scene, Aletheia, gold rim light on void black]

The takeaway

The no-cloud line is real but narrow. It is drawn at the workload, not stamped across the whole institution. Classified, ITAR, isolated OT and DPIA-negative processing genuinely cannot go to cloud. Almost everything else can, under controls, which means the case for owning your intelligence substrate there is a case about control and cost and risk, made on its merits. We would rather win that argument in the open than sell you a bar that does not exist.

Frequently asked questions

Are regulated banks legally banned from using public cloud?

No. DORA, the FCA and PRA outsourcing rules, and the EBA guidelines all permit cloud provided the organisation keeps control: exit plans, concentration-risk management, audit rights and data reachability. The obligation is accountability, not abstinence.

Then when is owning your own infrastructure actually mandatory?

At the workload level, in four cases: material classified at SECRET or above, ITAR-controlled technical data, isolated OT and SCADA environments, and any workload a Data Protection Impact Assessment rules out for a given cloud arrangement. These are accreditation, export-control, safety and case-specific boundaries that no cloud contract removes.

If cloud is usually permitted, why choose an owned SIOS at all?

Because permitted is not the same as preferable. Owning the substrate gives you control over where models run, cost certainty at scale, and the removal of data-exfiltration paths, plus a cryptographically-signed audit record on every action. Those are strong reasons that stand on their own without any legal-bar claim.

How large is the market if it rests on preference rather than prohibition?

Large. About 16,092 sovereign-minded UK and EU institutions on a register-backed count, against an enterprise-AI-platform software market that Verdantix sizes at roughly USD 13bn in 2024 growing to USD 50.3bn by 2030, near £11.7bn to £39.7bn. Preference at that scale is a serious market.



Originally published at https://mickai.co.uk/articles/workload-level-no-cloud-bar-drawing-the-honest-line-classified-itar-isolated-ot. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
Microsoft France told the French Senate under oath that it cannot guarantee European data will never reach US authorities under the CLOUD Act, even inside a French sovereign region. We think that single sentence defines the market. Sovereign cloud is a real engineering improvement, but while the parent is US-domiciled the legal gap stays open. The only structure where the answer to a foreign subpoena is genuinely no is one you own and run inside your own walls.